Hybrid Interruption Finding System

Pankaj Chittora
Assistant Professor, Dept of Computer Science
Vivekananda Institute of Technology-East
Jaipur, India
pankaj.c.vit@gmail.com

Tushar Vyas
Assistant Professor, Dept of Computer Science
Vivekananda Institute of Technology-East
Jaipur, India
vyas.t.vit@gmail.com

Abstract- An interruption finding system (IFS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an interruption attempt, but this is neither required nor expected of a monitoring system. Interruption finding and avoidance systems (IFAS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IFASes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IFASes have become a necessary addition to the security infrastructure of nearly every organization. Different methods can be used to detect interruptions, each of which makes a number of assumptions that are specific only to that particular method. Hence, in addition to the definition of the security policy and the access patterns which are used in the learning phase of the detector, the attack finding capability of an interruption finding system also depends upon the assumptions made by individual methods for interruption finding. The purpose of an interruption finding system is to detect attacks. However, it is equally important to detect attacks at an early stage in order to minimize their impact. I have used Dataset and Classifier to refine Intruders in Networks.

Keywords- (IFS), (IFAS)

I. INTRODUCTION

In the 21st century the development of telecommunications networks has taken giant leaps from circuit and packet switched networks towards all-IP based networks. This development has created a unified environment where the communication of applications and services (data and voice) is transferred on top of the IP protocol. Although the development of communication networks has been towards a better sustainability of technologies, it has also raised new unwanted possibilities. Threats that were applicable only in the fixed networks are now feasible in the radio access networks. Given that threats are becoming more and more sophisticated, the security systems also have to become more intelligent. The basic security measures such as firewalls and antivirus scanners are at their limits in coping with the ever-growing number of intelligent attacks from the Internet. A solution to enhance the overall security of the networks is to increase the security layers with interruption finding systems.

To understand what role interruption finding has in telecommunications networks, consider a simple example. Think of interruption finding as a security guard that is guarding the front gate of a factory premises. The premises of the factory represent the network of a mobile operator and the fence surrounding the factory is the operator's firewall. Employees of the factory represent the traffic in the operator's network. It is known that factories are well protected and they do not want to let people inside the premises who do not have the required clearances. The fence, or firewall in this case, is in charge of keeping all unwanted visitors outside the factory premises. Just like a firewall, a fence has holes (gates) in it to let employees move in and out of the factory premises. These holes in the fence, though, leave the factory vulnerable to unwanted visitors, and this is why the factory has a security guard guarding the gate.
Depending on the role that the security guard is in, while he is monitoring the people going in and out of the factory premises, he either notifies the head of security when he detects a suspicious-looking person walking through the gate, or he steps in and prevents this person from entering the factory premises. The basic functionality of an interruption finding system is the first example of the security guard. An IFS generates an alarm when it detects something suspicious, and then the security personnel of the network operator further investigate the cause of the alarm.

An interruption finding system (IFS) is a device, typically a designated computer system, which monitors activity to identify malicious or suspicious alerts. It is placed inside an organization to monitor what occurs within the network of the organization. The goal of an interruption finding system is to accurately detect computer security incidents and notify network administrators. A distinction is made between alerts and incidents by an interruption finding system. Alerts are defined as all the observable actions on the computer network that are picked up by the sensors of an interruption finding system. Incidents are malicious or suspicious alerts that have a high enough value to be considered a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.

An IFS consists of four components, according to the Common Interruption Finding Framework (CIDF): event generators, analyzers, event databases and response units. In the research of this thesis, Dataset is used to provide attacks and normal data to the analyzer. An effort will be made to choose a machine learning method that can be used as an analyzer and that improves the finding rate in separating alerts from incidents. An event database will be used to train the analyzer, and to evaluate its predictions.
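
The training-and-evaluation arrangement described above, as an added example that is not code from the paper: labelled rows from an event database train an analyzer, and held-out rows measure how well it separates incidents from ordinary alerts. The feature names, the sample rows (constructed) and the choice of Gaussian naive Bayes are assumptions; the paper does not name its classifier here.

```python
import math

# Constructed event-database rows: (failed_logins, conns_per_min, kB_out, label).
# Every row is an alert in the paper's sense; label 1 marks an incident.
TRAIN = [
    (0, 3, 12, 0), (1, 5, 20, 0), (0, 4, 15, 0), (0, 6, 30, 0), (1, 2, 10, 0),
    (8, 40, 2, 1), (6, 55, 1, 1), (9, 35, 3, 1), (7, 60, 2, 1),
]
HELD_OUT = [
    (0, 5, 18, 0), (1, 3, 25, 0), (2, 7, 14, 0),
    (4, 30, 5, 0),                 # benign but bursty host
    (7, 45, 2, 1), (5, 38, 4, 1),
]

class Analyzer:
    """Gaussian naive Bayes: one mean and variance per feature per class."""
    def fit(self, rows):
        by_label = {}
        for *features, label in rows:
            by_label.setdefault(label, []).append(features)
        self.stats = {}
        for label, feats in by_label.items():
            cols = list(zip(*feats))
            means = [sum(c) / len(c) for c in cols]
            # Variance floor avoids division by zero on constant columns.
            vars_ = [max(sum((x - m) ** 2 for x in c) / len(c), 1e-3)
                     for c, m in zip(cols, means)]
            self.stats[label] = (math.log(len(feats) / len(rows)), means, vars_)
        return self

    def is_incident(self, features):
        def log_post(label):
            prior, means, vars_ = self.stats[label]
            return prior + sum(
                -0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
                for x, m, v in zip(features, means, vars_))
        return log_post(1) > log_post(0)

def evaluate(analyzer, rows):
    """Return (finding rate, false-alarm rate) measured on labelled rows."""
    tp = fp = pos = neg = 0
    for *features, label in rows:
        flagged = analyzer.is_incident(features)
        pos, neg = pos + (label == 1), neg + (label == 0)
        tp, fp = tp + (flagged and label == 1), fp + (flagged and label == 0)
    return tp / pos, fp / neg

if __name__ == "__main__":
    print(evaluate(Analyzer().fit(TRAIN), HELD_OUT))
```

The bursty but benign held-out row is flagged as an incident, which is why the false-alarm rate is reported alongside the finding rate.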
The response units will not be within the scope of this thesis, but can be controlled by the decisions of the analyzer.

II. INTERRUPTION FINDING AND INTERRUPTION FINDING SYSTEM

Interruption finding systems are a critical component in the network security arsenal.

Pankaj Chittora et al, Int. J. Computer Technology & Applications, Vol 5 (3), 1184-1187
IJCTA | May-June 2014, Available online@www.ijcta.com, ISSN: 2229-6093